Overview

overview

10

Static

static

4C58336AAA...FB.exe

windows7_x64

10

4C58336AAA...FB.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4C58336AAA28C4CC966940F6C482D1FB.exe

  • Size

    450KB

  • Sample

    210622-g5pn9s4mta

  • MD5

    4c58336aaa28c4cc966940f6c482d1fb

  • SHA1

    28b49ac264ffc42ab967954e3ca4a96c52c3329e

  • SHA256

    a070e626348cff81c78f7f55a2802dfb4de6aa425fe2d1683ec527237865fcaf

  • SHA512

    b1c48e6d07160ef44e84dce4666d63ab797aea99befb3a6468ea42bae1966dd38ff30829108f0fb796e78dc91c35c2aaa21459a5aa01369ef311d19b7e99bb96

Score
10/10
asyncratpyinstallerrat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

C2

jeazerlog.duckdns.org:6606

jeazerlog.duckdns.org:7707

jeazerlog.duckdns.org:8808
Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • aes_key

    YGrbOsxKn7SFWDJcMblkdm9RcvAs20hL

  • anti_detection

    false

  • autorun

    false

  • bdos

    false

  • delay

    beta

  • host

    jeazerlog.duckdns.org

  • hwid

    3

  • install_file

  • install_folder

    %AppData%

  • mutex

    AsyncMutex_6SI8OkPnk

  • pastebin_config

    null

  • port

    6606,7707,8808

  • version

    0.5.7B

aes.plain

Targets

    • Target

      4C58336AAA28C4CC966940F6C482D1FB.exe

    • Size

      450KB

    • MD5

      4c58336aaa28c4cc966940f6c482d1fb

    • SHA1

      28b49ac264ffc42ab967954e3ca4a96c52c3329e

    • SHA256

      a070e626348cff81c78f7f55a2802dfb4de6aa425fe2d1683ec527237865fcaf

    • SHA512

      b1c48e6d07160ef44e84dce4666d63ab797aea99befb3a6468ea42bae1966dd38ff30829108f0fb796e78dc91c35c2aaa21459a5aa01369ef311d19b7e99bb96

    Score
    10/10
    asyncratpyinstallerrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • Async RAT payload

      rat

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks